How to unblock blocked sites?

Deleted member 76648

Prerequisite: Root | Custom ROM | DPITunnel ( zhenyolka/DPITunnel )

Steps:

Part I:

i. Install DPITunnel and go to settings (cog in the right-hand corner).
ii. In the HTTPS and HTTP section enter "40" (without quotes) into Split position.
iii. Make sure 'Change HOST header' is enabled and enter "hoSt" (without quotes) into HOST header spell.
iv. Enable 'Remove space after HOST header'.
v. In the 'Other' section, untick 'Use hostlist'.
vi. For convenience, enable 'Set DPITunnel proxy globally'.

Part II:
i. Install Termux (from F-Droid or Google Play).
ii. Type "su" (without quotes) and hit enter.
iii. Enter the following commands one by one:

iptables -A FORWARD -p tcp --sport 80 -m u32 --u32 "0x4=0x10000 && 0x60=0x7761726e && 0x64=0x696e672e && 0x68=0x636f6d" -m comment --comment "ISP HTTP" -j DROP

iptables -A FORWARD -p tcp --sport 80 -m u32 --u32 "0x4=0x10000 && 0x60=0x7761726e && 0x64=0x696e672e && 0x68=0x746f" -m comment --comment "ISP HTTP" -j DROP

iptables -A FORWARD -p tcp --sport 80 -m u32 --u32 "0x4=0x10000 && 0x60=0x7761726e && 0x64=0x696e672e && 0x68=0x696f" -m comment --comment "ISP HTTP" -j DROP

iptables -A FORWARD -p tcp --sport 80 -m u32 --u32 "0x4=0x10000 && 0x60=0x7761726e && 0x64=0x696e672e && 0x68=0x6f7267" -m comment --comment "ISP HTTP" -j DROP

iptables -A FORWARD -p tcp --sport 80 -m u32 --u32 "0x4=0x10000 && 0x60=0x7761726e && 0x64=0x696e672e && 0x68=0x696e" -m comment --comment "ISP HTTP" -j DROP

iptables -A FORWARD -p tcp --sport 80 -m u32 --u32 "0x4=0x10000 && 0x60=0x7761726e && 0x64=0x696e672e && 0x68=0x6e6574" -m comment --comment "ISP HTTP" -j DROP

iptables -A FORWARD -p tcp --sport 80 -m u32 --u32 "0x4=0x10000 && 0x60=0x7761726e && 0x64=0x696e672e && 0x68=0x6575" -m comment --comment "ISP HTTP" -j DROP

iptables -A FORWARD -p tcp --sport 80 -m u32 --u32 "0x4=0x10000 && 0x60=0x7761726e && 0x64=0x696e672e && 0x68=0x7275" -m comment --comment "ISP HTTP" -j DROP

iptables -A FORWARD -p tcp --sport 80 -m u32 --u32 "0x4=0x10000 && 0x60=0x7761726e && 0x64=0x696e672e && 0x68=0x617070" -m comment --comment "ISP HTTP" -j DROP

iptables -A FORWARD -p tcp --sport 80 -m u32 --u32 "0x4=0x10000 && 0x60=0x7761726e && 0x64=0x696e672e && 0x68=0x636f" -m comment --comment "ISP HTTP" -j DROP

Explanation of Part I: This bypasses active DPI blocking; you can read more about it on the GitHub page.

Explanation of Part II: This bypasses passive DPI blocking of certain TLDs. The commands bypass the following TLDs (in sequence): com | to | io | org | in | net | eu | ru | app | co
For more information read this: https://habr.com/ru/post/335436

This method seems to have a bug with the Play Store: it doesn't download apps. You can solve this by disabling DPITunnel. Apart from this I haven't seen any issues on my device.

To do the same on a PC, follow this: Source

Thanks to DPITunnel author for the app and pointing out the habr post.
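
An added example, not part of the original post or of DPITunnel: a small Python decoder for the plain `offset=value` u32 tests used in the commands above, so the bytes a rule requires can be read before it is run as root. The function names are hypothetical; the rule is the post's "com" line.

```python
import re

# One rule copied verbatim from the post above (its "com" variant).
RULE = ('iptables -A FORWARD -p tcp --sport 80 -m u32 --u32 '
        '"0x4=0x10000 && 0x60=0x7761726e && 0x64=0x696e672e && 0x68=0x636f6d" '
        '-m comment --comment "ISP HTTP" -j DROP')

_TEST = re.compile(r"^\s*(0x[0-9a-fA-F]+|\d+)\s*=\s*(0x[0-9a-fA-F]+|\d+)\s*$")

def decode_u32(rule):
    """Return {offset: four_bytes} for every test in the rule's --u32 string.

    Only the plain `offset=value` form joined by `&&` (the form used in the
    post) is handled; masks, shifts, `@` jumps and ranges raise ValueError.
    """
    m = re.search(r'--u32\s+"([^"]*)"', rule)
    if m is None:
        raise ValueError("no quoted --u32 expression found")
    tests = {}
    for part in m.group(1).split("&&"):
        t = _TEST.match(part)
        if t is None:
            raise ValueError(f"unsupported u32 test: {part.strip()!r}")
        offset, value = int(t.group(1), 0), int(t.group(2), 0)
        if value > 0xFFFFFFFF:
            raise ValueError(f"value wider than 32 bits: {part.strip()!r}")
        # u32 reads 4 bytes at `offset` (counted from the start of the IPv4
        # header) as a big-endian integer, so short constants are zero-extended.
        tests[offset] = value.to_bytes(4, "big")
    return tests

def ip_id_and_frag(tests):
    """Interpret the test at offset 4: IPv4 identification, flags/fragment."""
    raw = tests[4]
    return int.from_bytes(raw[:2], "big"), int.from_bytes(raw[2:], "big")

def contiguous_bytes(tests, start):
    """Join the 4-byte words tested at start, start+4, ... into one pattern."""
    out = b""
    while start in tests:
        out += tests[start]
        start += 4
    return out

if __name__ == "__main__":
    tests = decode_u32(RULE)
    print("IPv4 id, flags/frag:", ip_id_and_frag(tests))
    print("bytes required at 0x60:", contiguous_bytes(tests, 0x60))
```

For this rule the decoder reports IPv4 identification 1 with zero flags/fragment bits, and the twelve bytes `warning.`, a NUL byte, then `com` at offset 0x60; the NUL is there because `0x636f6d` is compared as a full 32-bit word.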
 
Just use a VPN to bypass blocking, all the blocking are TCP reset attacks anyway. Why do you need to root? Or use Cloudflare Warp. It's free. Encrypted DNS and ESNI will bypass TCP reset.
 
Cloudflare WARP is a VPN. Encrypted DNS won't help with blocking TCP Reset attacks as DNS is on a different layer. ESNI only works on certain sites which have ESNI support.

Not saying VPN is a bad thing but it's usually inconvenient to enable it just to access blocked sites.
 
@JB700 WARP is based on WireGuard, yes a VPN protocol. But WARP does not provide any security benefits of a real VPN, hence WARP is not considered a VPN.

I clearly stated encrypted DNS and ESNI helps bypass TCP reset. Test it yourself on Firefox as long as you pass all this: Cloudflare ESNI Checker | Cloudflare

TCP reset will be bypassed.
 
Just use a VPN to bypass blocking, all the blocking are TCP reset attacks anyway. Why do you need to root? Or use Cloudflare Warp. It's free. Encrypted DNS and ESNI will bypass TCP reset.
You need root for changing IP tables. Jio doesn't use TCP reset, it uses DPI blocking just like the one being used by the Russian government for censorship. Having all the checks in the Cloudflare ESNI checker doesn't mean that you can access the blocked sites.
 


You need root for changing IP tables. Jio doesn't use TCP reset, it uses DPI blocking just like the one being used by the Russian government for censorship. Having all the checks in the Cloudflare ESNI checker doesn't mean that you can access the blocked sites.
What are you talking about? DPI is an inspection tool, not a blocker. Jio uses TCP reset after inspecting.

In case you're too lazy to read
"We notice that when we specify a PBW in the SNI, we receive a TCP packet with the RST (reset) bit set almost immediately after the connection is established, which closes the established connection. Of course, a plausible explanation could be that the Google server itself might be resetting the connection upon realising that it does not host the PBW. However, this is neither the expected behaviour as per RFC 6066, nor do we notice the server doing so in all cases where we specify a SNI for a website that it is not hosted on the server. For example, when we specify facebook.com as the SNI, not only are we able to complete the TLS handshake but we're also able to make subsequent requests to the server after completing the handshake (albeit receiving an expected "not found" error in response). "


You can either bypass DPI with some tools like your method which in turn will hide the SNI or DNS query or simply encrypt SNI and DNS. Problem solved.
 
ESNI doesn't seem to exist outside Cloudflare still. No package for apache or nginx.
It's not finalised yet. But even pron sites etc loads when I'm using ESNI+Encrypted DNS and they are not clients of Cloudflare.
You don't need screenshots of my ESNI and pron sites now...
I only use VPN for geo-restricted content.
 
What are you talking about? DPI is an inspection tool, not a blocker. Jio uses TCP reset after inspecting.

In case you're too lazy to read
"We notice that when we specify a PBW in the SNI, we receive a TCP packet with the RST (reset) bit set almost immediately after the connection is established, which closes the established connection. Of course, a plausible explanation could be that the Google server itself might be resetting the connection upon realising that it does not host the PBW. However, this is neither the expected behaviour as per RFC 6066, nor do we notice the server doing so in all cases where we specify a SNI for a website that it is not hosted on the server. For example, when we specify facebook.com as the SNI, not only are we able to complete the TLS handshake but we're also able to make subsequent requests to the server after completing the handshake (albeit receiving an expected "not found" error in response). "


You can either bypass DPI with some tools like your method which in turn will hide the SNI or DNS query or simply encrypt SNI and DNS. Problem solved.
I'm not a networks guy, I thought DPI was for blocking. The link you posted cleared the doubts I never had! So coming to Android, WARP and INTRA should unblock the sites.
 